Merge pull request #112 from NVIDIA/release/v2.6.2

Authorization header updated to Bearer + pytests

Author: skalyanaraman57

guest_tools/attestation_sdk/README.md

@@ -83,11 +83,11 @@ Please execute the following commands to clean up packages that were not install
 
 - Local GPU Attestation
 
-  Refer to the [sample implementation](tests/end_to_end/hardware/LocalGPUTest.py)
+  Refer to the [sample implementation](tests/end_to_end/hardware/sample/LocalGPUTest.py)
 
 - Remote GPU Attestation
 
-  Refer to the [sample implementation](tests/end_to_end/hardware/RemoteGPUTest.py)
+  Refer to the [sample implementation](tests/end_to_end/hardware/sample/RemoteGPUTest.py)
 
 ## Switch Attestation
 
@@ -124,7 +124,7 @@ Please note that the Schema/EAT claim information is subject to change in future
 
 ### Driver Version
 - Use the latest GPU verifier version for optimal compatibility with the most recent drivers.
-- For attestation-specific platforms like Blackwell, ensure device-specific CC-enabled drivers are installed (e.g., R575 for Blackwell).
+- For attestation-specific platforms like Blackwell, ensure device-specific CC-enabled drivers are installed (e.g., R575 or above for Blackwell).
 - For RTX PRO 6000 Blackwell platforms, ensure that compatible drivers R580 or later are installed 
 
 ### Claims Version
@@ -147,6 +147,7 @@ v2.4.0          | 2.0, 3.0
 v2.5.0          | 2.0, 3.0
 v2.6.0          | 2.0, 3.0
 v2.6.1          | 2.0, 3.0
+v2.6.2          | 2.0, 3.0
 
 More information on claims can be found [here](../attestation_troubleshooting_guide.md)
 

guest_tools/attestation_sdk/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "nv-attestation-sdk"
-version = "2.6.1"
+version = "2.6.2"
 description = "The Attestation SDK provides developers with a easy to use APIs for implementing attestation capabilities into their applications."
 authors = ["Karthik Jayaraman <kjayaraman@nvidia.com>"]
 readme = "README.md"
@@ -22,7 +22,7 @@ xmlschema = "==2.2.3"
 pyOpenSSL = "==24.2.1"
 PyJWT = "==2.7.0"
 nvidia-ml-py = ">=12.535.77"
-nv-local-gpu-verifier = "2.6.1"
+nv-local-gpu-verifier = "2.6.2"
 build = ">=0.7.0"
 twine = ">=3.7.1"
 pylint = ">=2.9.6"
@@ -41,4 +41,4 @@ requires = ["poetry-core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"
 
 # [tool.poetry.package.data]
-# nv_attestation_sdk = ["verifiers/nv_switch_verifier/rim/*.xsd", "verifiers/nv_switch_verifier/certs/*.pem"]
+# nv_attestation_sdk = ["verifiers/nv_switch_verifier/rim/*.xsd", "verifiers/nv_switch_verifier/certs/*.pem"]

guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/headers.py

@@ -2,4 +2,4 @@
 
 """Maintains the set of request headers for service calls to dependent URL's"""
 OCSP_ALLOW_CERT_HOLD = "X-NVIDIA-OCSP-ALLOW-CERT-HOLD"
-SERVICE_KEY_VALUE = "nv-sak {}"
+SERVICE_KEY_VALUE = "Bearer {}"

guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/rim/xml.xsd

@@ -284,4 +284,3 @@
  </xs:annotation>
 
 </xs:schema>
-

guest_tools/attestation_sdk/tests/end_to_end/hardware/conftest.py

@@ -0,0 +1,83 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+#
+import pytest
+import subprocess
+
+DEFAULT_NRAS_GPU_URL = "https://nras.attestation.nvidia.com/v3/attest/gpu"
+DEFAULT_NRAS_SWITCH_URL = "https://nras.attestation.nvidia.com/v3/attest/switch"
+DEFAULT_RIM_SERVICE_URL = "https://rim.attestation.nvidia.com/v1/rim/"
+DEFAULT_OCSP_URL = "https://ocsp.ndis.nvidia.com/"
+DEFAULT_TRUST_OUTPOST_RIM_SERVICE_URL = "https://rim.attestation.nvidia.com/v1/rim/"
+DEFAULT_TRUST_OUTPOST_OCSP_URL = "https://ocsp.ndis.nvidia.com"
+
+def pytest_addoption(parser):
+    parser.addoption("--nras-gpu-url", action="store", default=DEFAULT_NRAS_GPU_URL,
+                    help="NRAS URL for GPU attestation (default: %(default)s)")
+    parser.addoption("--nras-switch-url", action="store", default=DEFAULT_NRAS_GPU_URL,
+                    help="NRAS URL for Switch attestation (default: %(default)s)")
+    parser.addoption("--rim-url", action="store", default=DEFAULT_RIM_SERVICE_URL,
+                    help="RIM URL for attestation (default: %(default)s)")
+    parser.addoption("--ocsp-url", action="store", default=DEFAULT_OCSP_URL,
+                    help="OCSP URL for attestation (default: %(default)s)")
+    parser.addoption("--trust-outpost-rim-url", action="store", default=DEFAULT_TRUST_OUTPOST_RIM_SERVICE_URL,
+                    help="RIM URL for Trust Outpost attestation (default: %(default)s)")
+    parser.addoption("--trust-outpost-ocsp-url", action="store", default=DEFAULT_TRUST_OUTPOST_OCSP_URL,
+                    help="OCSP URL for Trust Outpost attestation (default: %(default)s)")
+    parser.addoption("--service-key", action="store", default=None,
+                    help="Service key for calling attestation services (default: %(default)s)")
+
+@pytest.fixture(autouse=True)
+def nras_gpu_url(request, monkeypatch):
+    """Fixture to get the NRAS GPU URL from command line or use default.  This also sets the environment variable NV_NRAS_GPU_URL"""
+    nras_gpu_url = request.config.getoption("--nras-gpu-url")
+    if nras_gpu_url is not None:
+        monkeypatch.setenv("NV_NRAS_GPU_URL", nras_gpu_url)
+    return nras_gpu_url
+
+@pytest.fixture(autouse=True)
+def nras_switch_url(request, monkeypatch):
+    """Fixture to get the NRAS Switch URL from command line or use default.  This also sets the environment variable NV_NRAS_NVSWITCH_URL"""
+    nras_switch_url = request.config.getoption("--nras-switch-url")
+    if nras_switch_url is not None:
+        monkeypatch.setenv("NV_NRAS_NVSWITCH_URL", nras_switch_url)
+    return nras_switch_url
+
+@pytest.fixture(autouse=True)
+def rim_url(request, monkeypatch):
+    """Fixture to get the RIM URL from command line or use default.  This also sets the environment variable NV_RIM_URL"""
+    rim_url = request.config.getoption("--rim-url")
+    if rim_url is not None:
+        monkeypatch.setenv("NV_RIM_URL", rim_url)
+    return rim_url
+
+@pytest.fixture(autouse=True)
+def trust_outpost_rim_url(request, monkeypatch):
+    """Fixture to get the Trust Outpost RIM URL from command line or use default.  This also sets the environment variable NV_RIM_URL"""
+    trust_outpost_rim_url = request.config.getoption("--trust-outpost-rim-url")
+    if trust_outpost_rim_url is not None:
+        monkeypatch.setenv("NV_RIM_URL", trust_outpost_rim_url)
+    return trust_outpost_rim_url
+
+@pytest.fixture
+def ocsp_url(request, monkeypatch):
+    """Fixture to get the OCSP URL from command line or use default.  This also sets the environment variable NV_OCSP_URL"""
+    ocsp_url = request.config.getoption("--ocsp-url")
+    if ocsp_url is not None:
+        monkeypatch.setenv("NV_OCSP_URL", ocsp_url)
+    return ocsp_url
+
+@pytest.fixture
+def trust_outpost_ocsp_url(request, monkeypatch):
+    """Fixture to get the Trust Outpost OCSP URL from command line or use default.  This also sets the environment variable NV_OCSP_URL"""
+    trust_outpost_ocsp_url = request.config.getoption("--trust-outpost-ocsp-url")
+    if trust_outpost_ocsp_url is not None:
+        monkeypatch.setenv("NV_OCSP_URL", trust_outpost_ocsp_url)
+    return trust_outpost_ocsp_url
+
+@pytest.fixture
+def service_key(request):
+    """Fixture to get the service key from command line or use default"""
+    return request.config.getoption("--service-key")

…ests/end_to_end/hardware/LocalGPUTest.py …d_to_end/hardware/sample/LocalGPUTest.pyguest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest.py guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest.py

@@ -14,7 +14,7 @@
 client.set_claims_version("3.0")
 
 print ("[LocalGPUTest] node name :", client.get_name())
-file = "../../policies/local/NVGPULocalv4PolicyExample.json"
+file = "../../../policies/local/NVGPULocalv4PolicyExample.json"
 
 client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "")
 

…_end/hardware/LocalGPUTest_ServiceKey.py …rdware/sample/LocalGPUTest_ServiceKey.pyguest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest_ServiceKey.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest_ServiceKey.py guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest_ServiceKey.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest_ServiceKey.py

@@ -14,7 +14,7 @@
 client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb")
 
 print ("[LocalGPUTest] node name :", client.get_name())
-file = "../../policies/local/NVGPULocalPolicyExample.json"
+file = "../../../policies/local/NVGPULocalPolicyExample.json"
 
 client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "")
 

…_end/hardware/LocalGPUTest_claims_2.0.py …rdware/sample/LocalGPUTest_claims_2.0.pyguest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest_claims_2.0.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest_claims_2.0.py guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest_claims_2.0.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest_claims_2.0.py

@@ -13,7 +13,7 @@
 client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb")
 
 print ("[LocalGPUTest] node name :", client.get_name())
-file = "../../policies/local/NVGPULocalPolicyExample.json"
+file = "../../../policies/local/NVGPULocalPolicyExample.json"
 
 client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "")
 

…sts/end_to_end/hardware/RemoteGPUTest.py …_to_end/hardware/sample/RemoteGPUTest.pyguest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/RemoteGPUTest.py guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/RemoteGPUTest.py

@@ -27,7 +27,7 @@
 print("[RemoteGPUTest] token : " + str(client.get_token()))
 print("[RemoteGPUTest] call validate_token() - expecting True")
 
-file = "../../policies/remote/v4/NVGPURemotePolicyExample.json"
+file = "../../../policies/remote/v4/NVGPURemotePolicyExample.json"
 with open(os.path.join(os.path.dirname(__file__), file)) as json_file:
     json_data = json.load(json_file)
     remote_att_result_policy = json.dumps(json_data)

…end/hardware/RemoteGPUTest_ServiceKey.py …dware/sample/RemoteGPUTest_ServiceKey.pyguest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest_ServiceKey.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/RemoteGPUTest_ServiceKey.py guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest_ServiceKey.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/RemoteGPUTest_ServiceKey.py

@@ -27,7 +27,7 @@
 print("[RemoteGPUTest] token : " + str(client.get_token()))
 print("[RemoteGPUTest] call validate_token() - expecting True")
 
-file = "../../policies/remote/v3/NVGPURemotePolicyExample.json"
+file = "../../../policies/remote/v3/NVGPURemotePolicyExample.json"
 with open(os.path.join(os.path.dirname(__file__), file)) as json_file:
     json_data = json.load(json_file)
     remote_att_result_policy = json.dumps(json_data)